<?php
    session_start();
    require_once('userlevel.php'); //Require/include the permissions file
    require_once('template.php'); //Require/include the template (page layout) file
    require_once('functions.php'); //Require/include the functions file (errorpage(), etc.)
    require_once('db.php'); //Require/include the file with the database connection information
     
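    // --- Access control -------------------------------------------------------
    // Both checks use isset/empty so a fresh session does not raise "undefined
    // index" notices; an absent login flag or user level is treated as "denied".
    if (empty($_SESSION['user_loggedin'])) {
        // Redirect server-side. The previous inline <script> redirect only worked
        // for clients with JavaScript enabled; the text below is the fallback.
        header('Location: login.php');
        die("Not logged in... <a href='login.php'>Log in</a>");
    }
    if (!isset($_SESSION['userlevel']) || $_SESSION['userlevel'] < $userlevel['createuser']) {
        die(errorpage("Your user level is not high enough to use this feature!", 'Create User Account'));
    }

    // --- CSRF token -----------------------------------------------------------
    // Creating an account is a privileged state change, so the form carries a
    // per-session secret that the handler verifies before touching the database.
    if (empty($_SESSION['adduser_csrf_token'])) {
        $_SESSION['adduser_csrf_token'] = function_exists('random_bytes')
            ? bin2hex(random_bytes(16))
            : bin2hex(openssl_random_pseudo_bytes(16));
    }
    $csrfToken = $_SESSION['adduser_csrf_token'];

    // Minimum password length enforced on creation (the previous code accepted
    // any non-empty password).
    $minPasswordLength = 8;

    // Read one text field from the POST body. Absent fields and non-string values
    // (e.g. username[]=x) collapse to '' so later checks always see a string.
    $field = function ($name) {
        return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
    };

    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        // --- Form submitted: validate, then insert -----------------------------
        $submittedToken = $field('csrf_token');
        $tokenMatches = function_exists('hash_equals')
            ? hash_equals($csrfToken, $submittedToken)
            : $csrfToken === $submittedToken;
        if (!$tokenMatches) {
            die(errorpage("Invalid or expired form token, please go back and try again!", 'Create User Account'));
        }

        $username        = trim($field('username'));
        $plainPassword   = $field('password');      // never trimmed: whitespace is part of the secret
        $confirmPassword = $field('confirmpassword');
        $email           = trim($field('email'));
        $firstname       = trim($field('firstname'));
        $lastname        = trim($field('lastname'));

        // Required fields are compared with === '' rather than empty() so a
        // legitimate value of "0" is not rejected.
        if ($username === '') {
            die(errorpage("Please enter a username!", 'Create User Account'));
        }
        if ($plainPassword === '') {
            die(errorpage("Please enter a password!", 'Create User Account'));
        }
        if (strlen($plainPassword) < $minPasswordLength) {
            die(errorpage("Please enter a password of at least $minPasswordLength characters!", 'Create User Account'));
        }
        if ($plainPassword !== $confirmPassword) {
            die(errorpage("Passwords do not match!", 'Create User Account'));
        }
        if ($email === '') {
            die(errorpage("Please enter an e-mail address!", 'Create User Account'));
        }
        // filter_var() replaces eregi(), which was removed in PHP 7.
        if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            die(errorpage("Please enter a valid e-mail address!", 'Create User Account'));
        }

        // Connect to the DB (db.php). The escaping below assumes my_db opens an
        // ext/mysql link, as the original mysql_escape_string() call implied.
        $db = new my_db;

        // mysql_real_escape_string() honours the connection charset, which the
        // mysql_escape_string() it replaces did not. NOTE(review): if my_db can
        // prepare statements, bound parameters should replace this string building.
        $safeUsername  = mysql_real_escape_string($username);
        $safeFirstname = mysql_real_escape_string($firstname);
        $safeLastname  = mysql_real_escape_string($lastname);
        $safeEmail     = mysql_real_escape_string($email);

        // Salted, slow hash in place of bare sha1(). NOTE(review): login.php must
        // check it with password_verify(), and the login.password column must hold
        // at least 60 characters — confirm both before deploying this change.
        $passwordHash = mysql_real_escape_string(password_hash($plainPassword, PASSWORD_DEFAULT));

        // Refuse duplicates. ">= 1" rather than "== 1" so the insert is also skipped
        // if the table somehow already holds several rows for the name. A UNIQUE
        // index on login.username is still needed to close the check-then-insert race.
        $db->query("SELECT username FROM login WHERE username = '$safeUsername'");
        if ($db->nf() >= 1) {
            die(errorpage("User already exists!", 'Create User Account'));
        }

        // $newuserdefault is expected to be defined by userlevel.php (not visible here).
        $safeLevel = mysql_real_escape_string($newuserdefault);
        $db->query("INSERT INTO login (username, password, firstname, lastname, email, userlevel) VALUES('$safeUsername','$passwordHash','$safeFirstname','$safeLastname','$safeEmail','$safeLevel')");

        // Rotate the token so the same form cannot simply be re-posted.
        unset($_SESSION['adduser_csrf_token']);

        // If nothing has caused the script to die, everything worked.
        template_headtag('Create User Account');
        template_header();
        template_left();
        echo "<br/> User account created<BR><a href='javascript:history.back(1)'>Back</a>";
        template_footer();
    } else {
        // --- First visit: display the form -------------------------------------
        $tokenAttr = htmlspecialchars($csrfToken, ENT_QUOTES, 'UTF-8');

        template_headtag('Create User Account');
        template_header();
        template_left();
        echo "<div class='pageheadertext'>Create User Account</div><br/>";

        echo "
        <p>Please fill in all the fields. (You can edit the permissions after adding the user)</p>

            <form method='post' action='adduser.php'>
            <input type='hidden' name='csrf_token' value='$tokenAttr'/>
            <div align='center'><table>
            <tr>
            <td> First name: </td>
            <td> <input type='text' name='firstname'/> </td>
            </tr>
            <tr>
            <td> Last name: </td>
            <td> <input type='text' name='lastname'/> </td>
            </tr>
            <tr>
            <td> Username: </td>
            <td> <input type='text' name='username'/> </td>
            </tr>
            <tr>
            <td> Password: </td>
            <td> <input type='password' name='password'/> </td>
            </tr>
            <tr>
            <td>Confirm Password: </td>
            <td> <input type='password' name='confirmpassword'/> </td>
            </tr>
            <tr>
            <td> E-mail: </td>
            <td> <input type='text' name='email'/> </td>
            </tr>
            </table>
            <br />
            <input type='submit' name='Submit' value='Add user'/>
            </div>
            </form>
            ";
        template_footer();
    }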
?>
